Ali Polatel wrote:
>
> On Sun, 10 Oct 2010 11:35:02 -0700 (PDT), Roland McGrath <roland redhat com>
> wrote:
> >
> > The report_syscall_entry hook is the only one you need to prevent the
> > system call from running. If it returns UTRACE_SYSCALL_ABORT, then the
> > system call will fail with the ENOSYS error code. You only need to use a
> > report_syscall_exit hook if you want the registers the user process sees
> > after attempting the system call to be different from that.
>
> Neat. Although returning just UTRACE_SYSCALL_ABORT doesn't work. It just
> makes the process hang for me.
I guess, the process doesn't hang but stops in TASK_TRACED?
This is because UTRACE_STOP == 0, and thus UTRACE_SYSCALL_ABORT alone
actually means UTRACE_SYSCALL_ABORT | UTRACE_STOP.
->report_syscall_entry() returns 2 values or'ed, utrace_syscall_action() |
utrace_resume_action().
> I had to do:
> return (no == SYS_socket)
> ? UTRACE_SYSCALL_ABORT | UTRACE_RESUME
This is correct.
> ubox_syscall_exit(u32 action, struct utrace_engine *engine, struct pt_regs
> *regs)
> {
> enum utrace_syscall_action decision;
>
> decision = utrace_syscall_action(action);
> switch (decision) {
> case UTRACE_SYSCALL_ABORT:
> syscall_set_return_value(current, regs, -EPERM, -1);
> /* fall through */
> default:
> return UTRACE_RESUME;
> }
> }
>
> The decision argument is never set to UTRACE_SYSCALL_ABORT for me. It's
> always 0 aka UTRACE_SYSCALL_RUN.
This is correct. utrace doesn't pass utrace_syscall_action() returned
by ->report_syscall_entry() to ->report_syscall_exit().
You can do syscall_set_return_value(EPERM) in report_syscall_entry().
Otherwise I think your engine should remember that this syscall was
nacked by report_syscall_entry().
Oleg.
